From a272c058524f4211cd3cf707fb71f1489d43b01b Mon Sep 17 00:00:00 2001
From: Chris Westra <bestra@github.com>
Date: Thu, 14 May 2026 14:35:48 -0400
Subject: [PATCH] Document Copilot Spaces PAT requirements

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 README.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/README.md b/README.md
index a12f1531a..c3135407d 100644
--- a/README.md
+++ b/README.md
@@ -1413,6 +1413,11 @@ The following sets of tools are available:
 
 <summary>Copilot Spaces</summary>
 
+- **Authentication note**
+  - Fine-grained PATs are not hidden by classic PAT scope filtering, so these tools may still appear even when the token cannot use them.
+  - For org-owned spaces, fine-grained PATs must be installed on the owning organization and include `organization_copilot_spaces: read`.
+  - If an org-owned space contains repository-backed resources, the token must also have access to every referenced repository or the space may be treated as not found.
+
 - **get_copilot_space** - Get Copilot Space
   - `owner`: The owner of the space. (string, required)
   - `name`: The name of the space. (string, required)